import com.amazonaws.auth.profile.ProfileCredentialsProvider as ProfileCredentialsProvider
import com.amazonaws.services.securitytoken.AWSSecurityTokenService as AWSSecurityTokenService
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder as AWSSecurityTokenServiceClientBuilder
import com.amazonaws.auth.AWSStaticCredentialsProvider as AWSStaticCredentialsProvider
import com.amazonaws.services.securitytoken.model.GetCallerIdentityRequest as GetCallerIdentityRequest
import com.amazonaws.services.securitytoken.model.AssumeRoleRequest as AssumeRoleRequest
class GetCredentials():
    '''Load AWS credentials for a named profile from a credentials file.

    The profile is resolved once, at construction time, and the result is
    kept on ``self.credentials``. ``region`` is stored on the instance but is
    not used by anything in this class.

    The resolved object carries the profile's access key and secret key, so
    instances should be kept out of logs, tags and serialized state.
    '''

    def __init__(self, path, profile, region):
        # path: location of the AWS credentials file; profile: profile name in it.
        self.path, self.profile, self.region = path, profile, region
        # Resolved eagerly: constructing this object reads the credentials file.
        self.credentials = self.get_credentials()

    def get_credentials(self):
        '''Read the credentials for ``self.profile`` from the file at ``self.path``.

        Args:
            None; the file path and profile name come from the instance.

        Returns:
            credentials : whatever ``ProfileCredentialsProvider.getCredentials()``
                returns for that profile (the secret material itself, not a
                reference to it).
        '''
        provider = ProfileCredentialsProvider(self.path, self.profile)
        return provider.getCredentials()
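def assume_role(**kwargs):
    '''Assume ``client-api-access-role`` in a target account via STS.

    Keyword Args:
        arn: The 12-digit AWS account ID that owns the role. Despite the
            name this is not a full ARN; it is interpolated into
            ``arn:aws:iam::<account>:role/client-api-access-role``.
        credentials_file_path, profile_name, region, api_id, stage, arn_role:
            Accepted so existing callers keep working, but ignored. In
            particular ``arn_role`` does NOT select the role; the role name
            is fixed.

    Returns:
        dict: ``{"AccessKey", "SecretKey", "SessionKey"}`` holding the
        temporary session credentials returned by STS. These are live
        secrets: do not log them or persist them.

    Raises:
        ValueError: if ``arn`` is missing or is not exactly 12 ASCII digits.
            Checked before any AWS call so a caller-supplied value can never
            change the shape of the role ARN (for example by smuggling in
            ``:role/...``).
    '''
    account_id = kwargs.get("arn")
    if account_id is None:
        raise ValueError('assume_role requires "arn" (the 12-digit AWS account ID)')

    # "%s" keeps the original formatting behaviour for int or unicode input.
    account_id = "%s" % (account_id,)
    if len(account_id) != 12 or not all(ch in "0123456789" for ch in account_id):
        raise ValueError('"arn" must be a 12-digit AWS account ID')

    role_arn = "arn:aws:iam::%s:role/client-api-access-role" % (account_id,)

    # The client uses the SDK's default credential and region resolution; the
    # credentials-file/profile path (GetCredentials) is not used here.
    sts_client = AWSSecurityTokenServiceClientBuilder.standard().build()

    # NOTE(review): the caller identity is fetched but never inspected. Kept
    # because it is an existing call to AWS; confirm whether it is meant as a
    # credential sanity check or can be dropped.
    sts_client.getCallerIdentity(GetCallerIdentityRequest())

    # The session name is fixed, so every caller of this function shares the
    # same role session name in the audit trail.
    request = AssumeRoleRequest().withRoleArn(role_arn).withRoleSessionName("Ignition8")
    session_creds = sts_client.assumeRole(request).getCredentials()

    # Temporary credentials: treat the whole dict as secret material.
    return {
        "AccessKey": session_creds.getAccessKeyId(),
        "SecretKey": session_creds.getSecretAccessKey(),
        "SessionKey": session_creds.getSessionToken(),
    }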